 Relationships |
|
| Anonymous | Login | 2024-04-27 01:31 CEST |
| Main | My View | View Issues |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0005142 | [apache2] upgrade | minor | N/A | 2014-01-20 13:00 | 2014-02-22 11:38 | ||
| Reporter | burger99 | View Status | public | ||||
| Assigned To | dam | ||||||
| Priority | normal | Resolution | fixed | ||||
| Status | closed | ||||||
| Summary | 0005142: Security issues | ||||||
| Description |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Newest version available is 2.2.26 |
||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
|
|
|||||||
|
Relationships |
|
|
Notes |
|
|
(0010697) dam (administrator) 2014-02-03 17:06 |
I made an experimental package which will show up soon here: http://buildfarm.opencsw.org/experimental.html#apache-2.2.26 [^] Please give it a try and let me know if you are happy with it. |
|
(0010730) dam (administrator) 2014-02-22 11:38 |
Apache 2.2.26,REV=2014.02.07 has been pushed to unstable/. |
| Copyright © 2000 - 2008 Mantis Group |  |
